How to Determine if Back Orifice 2000 Is Installed On Your SystemID: Q237280
|
This article describes how to determine if Back Orifice 2000 is installed on your computer.
When Back Orifice 2000 is installed on a Windows-based computer, the computer can be remotely controlled by another user.
Although remote control software is not malicious in and of itself, Back Orifice 2000 is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make detection of the program difficult. To protect your system, follow safe computing practices and use current anti-virus software.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicewith the following value:
"Umgr32.exe"="C:\\Windows\\System\\Umgr32.exe e"NOTE: Umgr32.exe is the default file name for Back Orifice 2000, and it can be modified by the distributor of the program. If the file name is modified, the registry value contains the path to the designated file name.
http://www.microsoft.com/security/default.aspThe third-party contact information included in this article is provided to help you find the technical support you need. This contact information is subject to change without notice. Microsoft in no way guarantees the accuracy of this third-party contact information.
Additional query words: virus cult dead cow cdc bo2k
Keywords :
Version : WINDOWS:95,98,98 Second Edition; winnt:4.0
Platform : WINDOWS winnt
Issue type : kbinfo
Last Reviewed: August 9, 1999